package com.elab.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
//@EnableAuthorizationServer //提供/oauth/authorize,/oauth/token,/oauth/check_token,/oauth/confirm_access,/oauth/error
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		oauthServer
		.realm("oauth2-resources") //code授权添加
		.tokenKeyAccess("permitAll()")
		.checkTokenAccess("isAuthenticated()") //allow check token
		//允许表单认证
		.allowFormAuthenticationForClients();
		/*oauthServer
        .tokenKeyAccess("permitAll()") //url:/oauth/token_key,exposes public key for token verification if using JWT tokens
        .checkTokenAccess("isAuthenticated()") //url:/oauth/check_token allow check token
        .allowFormAuthenticationForClients();*/
	}

	/**
	 * 注入authenticationManager
	 * 来支持 password grant type
	 */
	@Autowired
	private AuthenticationManager authenticationManager;
	
	/*@Autowired
	private UserDetailsService userDetailsService;*/

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.authenticationManager(authenticationManager)
		
		//.userDetailsService(userDetailsService)
		//允许 GET、POST 请求获取 token，即访问端点：oauth/token
		.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
	}
	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		clients.inMemory()
		.withClient("demoApp")
		.secret("demoAppSecret")
		.redirectUris("http://baidu.com")//code授权添加
		.authorizedGrantTypes("authorization_code","client_credentials", "password", "refresh_token")
		.scopes("all")
		.resourceIds("oauth2-resource")
		.accessTokenValiditySeconds(1200)
		.refreshTokenValiditySeconds(50000);
	}
	
	/******************************************
     * 以下为实验性代码 1.0.0
     ******************************************/
	
	
	/******************************************
     * 以上为实验性代码 1.0.0
     ******************************************/
}
